MoinQ:

https://www.media-structure.com

It is back on the xserver NS. -- ToshinoriMaeno 2022-04-28 00:48:26

It is currently in clientHold. -- ToshinoriMaeno 2022-04-23 04:10:41

https://twitter.com/harugasumi/status/1516615232734777344?s=20&t=npywSODi-MjnD04_9gduBg

Miyuki Chikara @harugasumi
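About the TS CUBIC CARD and American Express phishing cases I tweeted about today:
・The phishing site: the registrar is GMO, and this is a case where a subdomain was created without permission and DNS was configured for it
・The phishing mail sender: Sakura Internet (probably a VPS); this pattern has been continuing for several weeks.
12:10 PM · April 20, 2022 · Twitter Web App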

1. 04-26

  Domain Name: MEDIA-STRUCTURE.COM
   Registry Domain ID: 2026211198_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.discount-domain.com
   Registrar URL: http://gmo.jp
   Updated Date: 2022-04-26T20:32:56Z
   Creation Date: 2016-05-06T01:35:19Z
   Registry Expiry Date: 2024-05-06T01:35:19Z
   Registrar: GMO Internet, Inc. d/b/a Onamae.com
   Registrar IANA ID: 49
   Registrar Abuse Contact Email: abuse@gmo.jp
   Registrar Abuse Contact Phone: +81.337709199
   Domain Status: ok https://icann.org/epp#ok
   Name Server: 01.DNSV.JP
   Name Server: 02.DNSV.JP
   Name Server: 03.DNSV.JP
   Name Server: 04.DNSV.JP
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2022-04-27T03:13:42Z <<<

ts3.media-structure.com  NXDOMAIN

https://ts3.media-structure.com/

2. whois

   Domain Name: MEDIA-STRUCTURE.COM
   Registry Domain ID: 2026211198_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.discount-domain.com
   Registrar URL: http://gmo.jp
   Updated Date: 2022-04-21T11:27:29Z
   Creation Date: 2016-05-06T01:35:19Z
   Registry Expiry Date: 2024-05-06T01:35:19Z
   Registrar: GMO Internet, Inc. d/b/a Onamae.com
   Registrar IANA ID: 49
   Registrar Abuse Contact Email: abuse@gmo.jp
   Registrar Abuse Contact Phone: +81.337709199
   Domain Status: clientHold https://icann.org/epp#clientHold
   Name Server: NS1.XSERVER.JP
   Name Server: NS2.XSERVER.JP
   Name Server: NS3.XSERVER.JP
   Name Server: NS4.XSERVER.JP
   Name Server: NS5.XSERVER.JP
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2022-04-21T13:08:46Z <<<

ts3.media-structure.com. 3600   IN      A       183.181.82.131
131.82.181.183.in-addr.arpa. 3600 IN    PTR     sv10290.xserver.jp.

$ dig -t a \*.media-structure.com @ns1.xserver.jp

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> -t a *.media-structure.com @ns1.xserver.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 812
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
; NSID: 6e 73 31 2e 78 73 65 72 76 65 72 2e 6a 70 ("ns1.xserver.jp")
;; QUESTION SECTION:
;*.media-structure.com.         IN      A

;; ANSWER SECTION:
*.media-structure.com.  3600    IN      A       183.181.82.131

;; Query time: 28 msec
;; SERVER: 219.94.200.170#53(219.94.200.170)
;; WHEN: Sat Apr 23 13:14:00 JST 2022
;; MSG SIZE  rcvd: 84

clientHold (reason unknown; possibly phishing)

3. Old server

   Domain Name: MEDIA-STRUCTURE.COM
   Registry Domain ID: 2026211198_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.discount-domain.com
   Registrar URL: http://gmo.jp
   Updated Date: 2022-04-20T09:01:54Z
   Creation Date: 2016-05-06T01:35:19Z
   Registry Expiry Date: 2024-05-06T01:35:19Z
   Registrar: GMO Internet, Inc. d/b/a Onamae.com
   Registrar IANA ID: 49
   Registrar Abuse Contact Email: abuse@gmo.jp
   Registrar Abuse Contact Phone: +81.337709199
   Domain Status: clientHold https://icann.org/epp#clientHold
   Name Server: 01.DNSV.JP
   Name Server: 02.DNSV.JP
   Name Server: 03.DNSV.JP
   Name Server: 04.DNSV.JP
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2022-04-20T14:40:46Z <<<

ts3.media-structure.com. 3600   IN      A       115.144.69.102  KINX

4. 115.144.69.102

ts3.media-structure.com         KINX    ‐
vpass.capital-science.co.jp             KINX    ‐
ame.modeltrain.tokyo            KINX    ‐
amex.context-thinking.com               KINX    ‐

5. history

ts3.media-structure.com
115.144.69.102

ns1.xserver.jp
ns2.xserver.jp
ns3.xserver.jp
ns4.xserver.jp
ns5.xserver.jp
        Xserver Inc.
        2019-07-31 (3 years)    2022-04-27 (today)      3 years
ts3.media-structure.com. 3600   IN      A       183.181.82.131
131.82.181.183.in-addr.arpa. 3600 IN    PTR     sv10290.xserver.jp.

Same kind? https://twitter.com/harugasumi/status/1516603061833433090?s=20&t=npywSODi-MjnD04_9gduBg



MoinQ: watchNS/dnsv/media-structure.com (last edited 2022-04-28 00:48:46 by ToshinoriMaeno)